Understanding the EU AI Act – A Game-Changer for AI Regulation

A little over a year ago, the European Union (EU) passed a monumental legislation to help regulate the growth of AI called the EU AI Act. This Act represents a significant milestone in legislation and will have a huge impact on companies of all sizes.

In order to better understand the ins and outs of this groundbreaking new Act, we sat down with legal expert Clara Hochleitner-Wanner, who holds a Master of Laws from the University of Pennsylvania Law School. Our interview stretched over two episodes, with part one focused on the core principles of the AI Act, its similarities to the GDPR, and its how it’s being applied from a general standpoint.

EU AI Act: What is it?

The EU AI Act, adopted on March 13, 2024, and coming into force in August of that year, is the latest bit of regulation presented by the EU in an effort to create a specific focus on AI regulation. This bit of legislation works in tandem with existing legislation like GDPR.

According to Clara, she envisions universities teaching this new act in the same way they offered courses on GDPR when that bit of legislation was first announced. She also emphasizes that this new regulation adds to the general regulation ecosystem instead of replacing any prior acts.

Is the AI Act the “New” GDPR?

In short, no. While the GDPR primarily focuses on data protection, the AI Act aims to regulate the development and deployment of AI systems based on their risk levels. Many have compared the AI Act to the General Data Protection Regulation (GDPR), another major piece of regulation passed by the EU back in 2016 and going into force two years later. GDPR specifically focused on reshaping global data privacy standards. Like GDPR, the AI Act is directly applicable across all EU member states, meaning it does not require transposition into national law. The AI Act has also gained widespread attention in legal and business circles, much like the GDPR did when it was first introduced. 

Who and What is Affected by the AI Act?

One of the most striking aspects of the AI Act is just how wide of a net it casts when it comes to application. Unlike other regulations that apply only to large corporations, the AI Act covers all providers, deployers, importers, and distributors of AI systems, regardless of company size. Even AI developers and users outside the EU are subject to the Act if their AI systems are used within the EU market.

"The AI Act includes duties for providers as well as for deployers of AI systems. Moreover, the AI Act also applies to importers and distributors of AI systems. The definition of “deployer”, specifically, is quite far reaching, since it basically includes all kinds of professional use of AI systems. Personal, non-professional use, however, is not covered by the AI Act.“ – Dr. Clara Hochleitner-Wanner.

There are a few exceptions to the AI Act’s scope. AI applications used for military, defense, national security, and scientific research purposes are generally exempt. Organizations engaging in AI research, testing, or development may also qualify for certain exclusions, though real-world testing conditions might still fall under the regulation.

In Part 2 of our conversation, we’ll dive deeper into the AI Act’s definition of AI, high-risk AI classifications, and business obligations. Be sure to tune in to the next episode for a more detailed breakdown of what companies need to do to stay compliant.

Want to stay ahead of AI regulation? Listen to the full episode and subscribe for updates.